<?php

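/**
 * CSV export controller.
 *
 * Each action disables the layout, runs a query through the legacy mysql_*
 * extension and hands the raw result resource to the view as $result.
 *
 * NOTE(review): every query here uses the mysql_* extension, which was
 * removed in PHP 7.0 and has no bound parameters. Moving these queries to
 * the framework's model layer or to prepared statements would remove the
 * string-built SQL altogether; this has not been done here because the
 * models are not visible from this file.
 */
class CsvController extends AppController {

	var $name = 'Csv';
	var $helpers = array('Html', 'Form', 'Csv');

	/**
	 * Denies access unless the user's group holds a right on the 'Csv'
	 * application (group 1 bypasses the lookup).
	 *
	 * The check fails closed: a failed query or a missing row is treated as
	 * "no right".
	 *
	 * NOTE(review): this runs in beforeRender, i.e. after the action body has
	 * already executed its queries. Only the rendering is blocked, and only
	 * if redirect() terminates the request; confirm that it does. An
	 * authorization check normally belongs in beforeFilter so that the action
	 * never runs for an unauthorized user.
	 */
	function beforeRender() {
		$groupid = $this->Auth->user('group_id');
		$name = 'Csv';
		if ($groupid != 1) {
			$allowed = false;

			$appResult = mysql_query("SELECT id FROM applications WHERE name = '" . mysql_real_escape_string($name) . "'");
			$appRow = $appResult ? mysql_fetch_object($appResult) : false;

			if ($appRow) {
				// Both values come from the session and the database, but they are
				// still escaped so the query stays well-formed whatever they contain.
				$rightsResult = mysql_query(
					"SELECT count(*) as count FROM groupshasrights WHERE group_id = '"
					. mysql_real_escape_string((string) $groupid)
					. "' AND application_id = '"
					. mysql_real_escape_string((string) $appRow->id)
					. "'"
				);
				$rightsRow = $rightsResult ? mysql_fetch_object($rightsResult) : false;
				$allowed = $rightsRow && $rightsRow->count != 0;
			}

			if (!$allowed) {
				$this->Session->setFlash(__('Access Denied', true));
				$this->redirect(array('controller' => 'pages', 'action' => 'error'));
			}
		}
	}

	/**
	 * Exports part requests for one run, filtered by report type.
	 *
	 * Reads 'report' and 'runid' from the URL parameters. 'report' selects
	 * the status filter: 1 = all, 2 = not Closed/Cancelled/Hard Closed,
	 * 3 = Closed or Hard Closed, 4 = Cancelled. Sets $result (query resource,
	 * or false when the report type is not recognised or the query fails),
	 * $report and $runid for the view.
	 */
	function export() {
		$this->layout = null;
		$this->autoLayout = false;

		// Missing or non-scalar parameters (e.g. ?report[]=x) become empty strings
		// instead of raising notices or reaching the escaping function as arrays.
		$url = isset($this->params['url']) && is_array($this->params['url']) ? $this->params['url'] : array();
		$rawReport = isset($url['report']) && is_scalar($url['report']) ? (string) $url['report'] : '';
		$rawRunid = isset($url['runid']) && is_scalar($url['runid']) ? (string) $url['runid'] : '';

		// mysql_real_escape_string() honours the connection character set, which
		// mysql_escape_string() does not. It returns false without a usable
		// connection; the query then matches an empty run id and finds nothing.
		$report = mysql_real_escape_string($rawReport);
		$runid = mysql_real_escape_string($rawRunid);

		// Status filter per report type. The keys double as the whitelist of
		// accepted report values; the SQL fragments contain no request data.
		$filters = array(
			'1' => "",
			'2' => " AND xto NOT IN ('Closed','Cancelled','Hard Closed')",
			'3' => " AND xto IN ('Closed','Hard Closed')",
			'4' => " AND xto = 'Cancelled'",
		);

		// Defined up front so the view always receives the variable, even for an
		// unrecognised report type.
		$result = false;
		if (isset($filters[$rawReport])) {
			$sql = "SELECT p.headernumber,p.detailnumber,p.xto,p.xfrom,p.xtodate,w.weborderid,p.trackingnumber"
				. " FROM partrequests AS p, weborders AS w WHERE p.weborder_id = w.id"
				. $filters[$rawReport]
				. " AND w.run_id = '" . $runid . "'";
			$result = mysql_query($sql);
		}

		$this->set(compact('result', 'report', 'runid'));
	}

	/**
	 * Exports every pond case id with the account number of the customer
	 * linked to the part request's MAC.
	 *
	 * The query is static and takes no request input. The result resource is
	 * passed to the view as $result (false if the query fails).
	 */
	function pondcases() {
		$this->layout = null;
		$this->autoLayout = false;
		$result = mysql_query("SELECT pc.caseid caseid, c.account_number accountnumber FROM pondcases pc, partrequests pr LEFT JOIN customershasmacs chm ON (pr.mac_id = chm.mac_id) LEFT JOIN customers c ON (chm.customer_id = c.id) WHERE pc.partrequest_id = pr.id");
		$this->set(compact('result'));
	}

}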
?>
